From f57d1780fb7f88965d74b1980c89101557b41bbc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?=
Date: Tue, 19 Mar 2024 20:31:02 +0100
Subject: [PATCH] feat(fatteh): integrate into niveum
---
 configs/default.nix | 5 -
 configs/fu-berlin.nix | 6 -
 configs/gnome.nix | 5 +
 configs/ssh.nix | 5 +
 configs/{battery.nix => tlp.nix} | 0
 flake.lock | 8 +-
 flake.nix | 13 ++
 lib/default.nix | 2 +-
 lib/retiolum-network.nix | 5 +
 secrets | 2 +-
 systems/fatteh/configuration.nix | 146 +++++-----------------
 systems/fatteh/hardware-configuration.nix | 4 +
 systems/kabsa/configuration.nix | 4 +-
 systems/manakish/configuration.nix | 2 +-
 14 files changed, 72 insertions(+), 135 deletions(-)
 create mode 100644 configs/gnome.nix
 rename configs/{battery.nix => tlp.nix} (100%)
diff --git a/configs/default.nix b/configs/default.nix
index bc7c4275..2bf5e415 100644
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -83,16 +83,11 @@ in { users.users.me = { name = "kfm"; description = kieran.name; - hashedPasswordFile = config.age.secrets.kfm-password.path; isNormalUser = true; uid = 1000; extraGroups = ["pipewire" "audio"]; }; - age.secrets = { - kfm-password.file = ../secrets/kfm-password.age; - }; - home-manager.users.me.xdg.enable = true; } {
diff --git a/configs/fu-berlin.nix b/configs/fu-berlin.nix
index ff2c3bd3..66135548 100644
--- a/configs/fu-berlin.nix
+++ b/configs/fu-berlin.nix
@@ -68,12 +68,6 @@ in { group = config.users.users.me.group; mode = "400"; }; - blackboard-calendar-ics = { - file = ../secrets/blackboard-calendar-ics.age; - owner = config.users.users.me.name; - group = config.users.users.me.group; - mode = "400"; - }; }; # https://www.zedat.fu-berlin.de/tip4u_157.pdf
diff --git a/configs/gnome.nix b/configs/gnome.nix
new file mode 100644
index 00000000..d46dbef8
--- /dev/null
+++ b/configs/gnome.nix
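Review bot: In configs/default.nix the `users.users.me` block loses `hashedPasswordFile` and the `kfm-password` age secret with nothing visible in this patch replacing them, and because this is the shared default module the change reaches every host that imports it, not only fatteh. Whether that is safe depends on `users.mutableUsers`, which is not shown: with immutable users the account may end up without a usable password, with mutable users the password becomes untracked per-host state set via `passwd`. I would state the intent next to the user definition, e.g. `# no declarative password: set per host with passwd (users.mutableUsers must stay true)`, or keep the secret and move it to the hosts that need it. The enclosing attribute set starts and ends outside the hunk.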
@@ -0,0 +1,5 @@
+{
+ services.xserver.enable = true;
+ services.xserver.displayManager.lightdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+}
diff --git a/configs/ssh.nix b/configs/ssh.nix
index a521f316..aab8768c 100644
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -74,6 +74,11 @@ in {
 user = "kfm";
 port = sshPort;
 };
+ fatteh = {
+ hostname = "fatteh.hr";
+ user = "kfm";
+ port = sshPort;
+ };
 };
 };
 }
diff --git a/configs/battery.nix b/configs/tlp.nix
similarity index 100%
rename from configs/battery.nix
rename to configs/tlp.nix
diff --git a/flake.lock b/flake.lock
index fa0e1bdc..e5d5a767 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1179,11 +1179,11 @@
 },
 "retiolum_2": {
 "locked": {
- "lastModified": 1708082526,
- "narHash": "sha256-Zp5qGHlJge93vM2Z+5jGyyD6o48NvmCjjaujeZJ1vsI=",
+ "lastModified": 1710877137,
+ "narHash": "sha256-oc6CXM2abODnQ4q+/A5a+9SXrdRVp5pwyv7rKO/YUiw=",
 "ref": "refs/heads/master",
- "rev": "00af6f8e749d720a0423834024adafef4f9ebf03",
- "revCount": 338,
+ "rev": "3506e34e564a777015718007ec9b8847fcd38637",
+ "revCount": 339,
 "type": "git",
 "url": "https://git.thalheim.io/Mic92/retiolum"
 },
diff --git a/flake.nix b/flake.nix
index 94f0b474..63d2b9b5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -102,6 +102,7 @@ makanek = "root@makanek"; manakish = "root@manakish"; kabsa = "root@kabsa"; + fatteh = "root@fatteh"; }; in lib.attrsets.nameValuePair "deploy-${hostname}" {
@@ -266,6 +267,18 @@ stylix.nixosModules.stylix ]; }; + fatteh = nixpkgs.lib.nixosSystem rec { + system = "x86_64-linux"; + specialArgs = niveumSpecialArgs system; + modules = [ + systems/fatteh/configuration.nix + agenix.nixosModules.default + retiolum.nixosModules.retiolum + home-manager.nixosModules.home-manager + nur.nixosModules.nur + stylix.nixosModules.stylix + ]; + }; }; } // flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
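Review bot: configs/gnome.nix pairs `desktopManager.gnome` with `displayManager.lightdm`, whereas the host config this patch replaces used GDM; GNOME Shell's built-in screen lock generally relies on GDM, so on a laptop this combination can leave the session without a working lock screen. Unless lightdm is a deliberate choice, I would use `services.xserver.displayManager.gdm.enable = true;` here, or add a comment saying how screen locking is handled. The module is only referenced from a commented-out import in systems/fatteh/configuration.nix, so the problem would surface only once someone enables it.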
diff --git a/lib/default.nix b/lib/default.nix
index 539e1478..f5444b9f 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -70,7 +70,7 @@ sshKeys = pkgs: pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents (pkgs.fetchurl { url = "https://github.com/kmein.keys"; - hash = "sha256-TVv1UHfNs3zIW8vrnCG7PPeMtgr2SDjrb8yZBMvp9/A="; + hash = "sha256-kabB1yNEToMw1Lcf4WYx4IfuuLzHOPvABTQku5CE60A="; })); };
diff --git a/lib/retiolum-network.nix b/lib/retiolum-network.nix
index 58914d61..c16fd630 100644
--- a/lib/retiolum-network.nix
+++ b/lib/retiolum-network.nix
@@ -19,6 +19,11 @@ ipv6 = "42:0:3c46:f7a9:1f0a:1b2b:822a:6050"; }; + fatteh = { + ipv6 = "42:0:3c46:aa73:82b0:14d7:7bf8:bf2"; + ipv4 = "10.243.2.77"; + }; + manakish = { ipv4 = "10.243.2.85"; ipv6 = "42:0:3c46:ac99:ae36:cb8:c551:ba27";
diff --git a/secrets b/secrets
index 8243109d..8fe34783 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit 8243109d2205dc75fbca761efc7d5d267aea4534
+Subproject commit 8fe347833a9112802c5361a67c73469f3527aba0
diff --git a/systems/fatteh/configuration.nix b/systems/fatteh/configuration.nix
index 0cddea4c..e73f0b8d 100644
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
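Review bot: The `hash` bump for the `fetchurl` of `https://github.com/kmein.keys` in lib/default.nix means the key list served by GitHub changed, but the diff shows only the new digest, so a reviewer cannot see which keys were added or removed. If `sshKeys` feeds authorized keys (inferred from the name; its consumers are outside this hunk), this is a change to who can log in and should be reviewable. I would vendor the keys as a file in the repository, or at least add a comment above the hash such as `# keys as of 2024-03-19: +<added key comment>, -<removed key comment>`. The pin itself is worth keeping, since a changed remote list then fails the build instead of being trusted silently.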
@@ -2,128 +2,44 @@ config, pkgs, ... -}: { +}: let + inherit (import ../../lib) retiolumAddresses; +in { imports = [ ./hardware-configuration.nix + ../../configs/networkmanager.nix + ../../configs/default.nix + # ../../configs/gnome.nix ]; - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5"; - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - - # Configure keymap in X11 - services.xserver = { - layout = "de"; - xkbVariant = "T3"; - }; - - # Configure console keymap - console.keyMap = "de"; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. 
- sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; + niveum = { + batteryName = "BAT1"; + wirelessInterface = "wlp3s0"; + promptColours.success = "blue"; }; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.kfm = { - isNormalUser = true; - description = "Kierán Meinhardt"; - extraGroups = ["networkmanager" "wheel"]; - packages = with pkgs; [ - firefox - # thunderbird - ]; + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml"; + + age.secrets = { + retiolum-rsa = { + file = ../../secrets/fatteh-retiolum-privateKey-rsa.age; + mode = "400"; + owner = "tinc.retiolum"; + group = "tinc.retiolum"; + }; + retiolum-ed25519 = { + file = ../../secrets/fatteh-retiolum-privateKey-ed25519.age; + mode = "400"; + owner = "tinc.retiolum"; + group = "tinc.retiolum"; + }; + restic.file = ../../secrets/restic.age; + syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age; + syncthing-key.file = ../../secrets/fatteh-syncthing-key.age; }; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. 
- # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; + networking.hostName = "fatteh"; + networking.retiolum = retiolumAddresses.fatteh; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.11"; }
diff --git a/systems/fatteh/hardware-configuration.nix b/systems/fatteh/hardware-configuration.nix
index eacdaf69..e7a4e711 100644
--- a/systems/fatteh/hardware-configuration.nix
+++ b/systems/fatteh/hardware-configuration.nix
@@ -16,6 +16,10 @@ boot.initrd.kernelModules = []; boot.kernelModules = ["kvm-intel"]; boot.extraModulePackages = []; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.luks.devices."luks-aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5".device = "/dev/disk/by-uuid/aa6beb1b-3e54-4a0e-ac9c-e0c007d73cd5"; fileSystems."/" = { device = "/dev/disk/by-uuid/42b747ff-a432-4c0e-bb0a-59f0a68c44a2";
diff --git a/systems/kabsa/configuration.nix b/systems/kabsa/configuration.nix
index 07381631..a04c83e0 100644
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
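Review bot: Under `age.secrets` in systems/fatteh/configuration.nix, `restic`, `syncthing-cert` and `syncthing-key` are declared with `.file` only, so unlike the two retiolum keys in the same block they get no `owner`, `group` or `mode` from this file and fall back to agenix's defaults (root-owned, mode 0400) unless another imported module sets them. If the consuming services do not run as root they cannot read these secrets, and naming the owner now is better than loosening the mode later; either add the attributes or a comment such as `# owner/mode for restic and syncthing secrets are set in the shared service modules`. The same hunk drops `services.openssh.enable = true;` while flake.nix gains a `root@fatteh` deploy target, so sshd and its hardening now come entirely from imports that are not shown here.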
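Review bot: Moving the bootloader settings and the `boot.initrd.luks.devices` entry into systems/fatteh/hardware-configuration.nix puts hand-maintained boot and disk-encryption settings in a file that is conventionally regenerated by `nixos-generate-config`. A regeneration would drop the hand-added `boot.loader.*` lines (and possibly the LUKS entry), which on an encrypted machine can mean a system that no longer boots after the next rebuild. I would keep these settings in configuration.nix or a separate module, or add a header comment like `# hand-edited: re-add boot.loader and LUKS settings after regenerating`. The file's header is outside the hunk, so whether such a marker already exists cannot be seen here.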
@@ -8,9 +8,9 @@ in { imports = [ ./hardware-configuration.nix - ../../configs/battery.nix + ../../configs/tlp.nix ../../configs/default.nix - ../../configs/networkmanager.nix # TODO how to get passwords into there? + ../../configs/networkmanager.nix ]; niveum = {
diff --git a/systems/manakish/configuration.nix b/systems/manakish/configuration.nix
index a5d3433a..8a60db93 100644
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -10,7 +10,7 @@ in { ./hardware-configuration.nix ./hdmi.nix ../../configs/default.nix - ../../configs/battery.nix + ../../configs/tlp.nix ../../configs/wpa_supplicant.nix ../../configs/admin-essentials.nix ];